Founded in 1993 by brothers Tom and David Gardner, The Motley Fool helps millions of people attain financial freedom through our website, podcasts, books, newspaper column, radio show, and premium investing services.

Will eBay's Data Breach Equal Target's?

The online auction giant had as many as 100 million customer log-ins compromised in a cyber attack.

The massivedata breach that compromised credit card data for 70 million to 110 million Target (NYSE:TGT) customers cost the chain's CEO his job and touched off a wave of panic among American consumers who wondered when the next major attack would occur.

The feared cyber attack appears to have already happened as attorneys general in three states along with European officials are investigating a data breach at eBay(NASDAQ:EBAY) that may have compromised more than 100 million users' passwords.

"The magnitude of the reported eBay data breach could be of historic proportions, and my office is part of a group of other attorneys general in the country investigating the matter," stated Florida Attorney General Pam Bondi.

eBay addressed the attack on its website and in an email sent to registered users urging them to change their passwords and in a press release posted on its website May 21 urging the same.

eBay [is] asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

The company explained how the attack occurred, saying that hackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network. The database, which was compromised between late February and early March, included eBay customers' names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth. The database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago.

eBay said it has seen no indication of increased fraudulent account activity on its platform. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

The breach is on the same scale as Target's but the fact that credit card data was not stolen may mitigate the consumer fallout.

How bad was the data breach for Target's business?

Interim Target CEO John Mulligan told CNBC's Street Signs last week that the full extent of the damage to the company's business is not yet known.

"We're in a place when it comes to the data breach where we don't have visibility yet to potential third-party liabilities and operating expenses they've incurred," said Mulligan, also the company's chief financial officer.

Customers however remain mostly confident in the brand -- about 85% of the retail chain's shoppers do not plan to change their spending habits at Target in the next year, according to a Bloomberg national poll. Only 7% plan to reduce their spending.

Those numbers show that the impact for Target might not be catastrophic, but the fallout is still significant.

The retail giant's first quarter net earnings fell 16% to $418 million compared with $498 million in the same period last year. Overall sales actually increased 2.1% so while the company made less money it's not because shoppers were staying away.

Mulligan did not blame the data breach on the lower profitability, instead pointing to the company's struggling Canadian business and heavy use of discounts.

"The first quarter we used a significant amount of promotions and our gross margin rate was down more than a full percentage point," he told CNBC. "We'll strike more of a balance as we go forward."

Will eBay suffer?

The difference between Target's breach and eBay's is that it remains to be seen if customers of a purely digital enterprise react more warily to an attack that compromises their information. Target received a ton of bad press and likely burned some good will with its customer base, but ultimately it does not appear the breach cost it many customers.

eBay has the advantage that the fallout of its attack for its customers is the relatively minor hassle of switching passwords. The company also got out in front of the potential scandal and communicated with its users quickly making it clear that credit card data is stored separately in encrypted formats. As the attorneys general and various European agencies investigate the breach, eBay should continue being open about what happened. The company must also pledge to both do what it can to stop future breaches and to determine why it took weeks to detect this one.

If eBay continues to be open about what happened while taking steps to prevent future problems it seems unlikely customers will leave the service or that eBay will face major financial consequences.

Author

Daniel B. Kline is an accomplished writer and editor who has worked for Microsoft on its Finance app and The Boston Globe, where he wrote for the paper and ran the Boston.com business desk. His latest book, "Worst Ideas Ever," (Skyhorse) can be purchased at bookstores everywhere.
Follow @tworstideas